Apparatus and methods for selective data network access

ABSTRACT

Wireless data network access architecture and methods enabling location-specific and/or user-specific provision of services or resources. In one embodiment, an end-user device makes a request for service within a wireless LAN (WLAN). A wireless access point (WAP) controller/policy server determines whether the user device meets criteria for a first user status or a second user status, and assigns the appropriate status to an identifier of the end-user device. When the user device is assigned the first user status, the user device is provided network access according to e.g., a first permissible bandwidth allocation. Otherwise, the user device is provided network access according to a second, different bandwidth allocation. The first and second user status may be assigned based on a location of the user device within e.g., a venue, a class of end-user device, end user application, an access pass associated with the user device, or yet other criteria.

RELATED APPLICATIONS

The present application is generally related to the subject matter of co-pending and co-owned U.S. patent application Ser. Nos. 14/534,067 filed Nov. 5, 2014 and entitled “METHODS AND APPARATUS FOR DETERMINING AN OPTIMIZED WIRELESS INTERFACE INSTALLATION CONFIGURATION”, 14/302,313 filed Jun. 11, 2014 and entitled “METHODS AND APPARATUS FOR ACCESS POINT LOCATION”, and 14/959,948 filed contemporaneously herewith on Dec. 4, 2015 and entitled “APPARATUS AND METHOD FOR WIRELESS NETWORK EXTENSIBILITY AND ENHANCEMENT,” each of the foregoing incorporated herein by reference in its entirety.

COPYRIGHT

A portion of the disclosure of this patent document contains material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever.

BACKGROUND

1. Technological Field

The present disclosure relates generally to the field of delivery of digital media data (e.g., text, video, audio, image files, and/or data files such as executables or other data structures) over data delivery networks, and specifically in one exemplary aspect to apparatus and methods for controlling selectable degrees of access of end-user devices to data delivery networks.

2. Description of Related Technology

In many public and private locations/venues, such as e.g., sports arenas, conference centers, hotels, concert halls, airports, etc., wireless networks are provided for connection of end-user devices (e.g., mobile and/or personal computing devices such as smartphones, tablets, laptops, etc.) to data delivery networks, including unmanaged networks such as the Internet. Such wireless networks may typically employ, e.g., access points (APs) and other infrastructure compliant with one or more IEEE 802.11 standards (so-called “Wi-Fi”). Such provided wireless networks, however, have a limited degree of access and/or consumable bandwidth capacity that can be made available to the users. Moreover, in such locations, there are potentially thousands of users that may attempt to access the provided wireless networks via their personal devices, sometimes at or nearly at the same time (such as where an event occurs, and the wireless users wish to engage in reporting or social media communications regarding the event). Among the pool of users, it may be desirable allow a selected group of users to have a greater degree of access (e.g., greater permissible bandwidth consumption, “head-of-the-line” privileges for the same amount of bandwidth as others, etc.). For example, some subset of the larger group may have valid reasons for requiring such enhanced access (e.g., the types or quantity of information they are sending or receiving may dictate a greater share of available bandwidth, and/or such head-of-the-line privileges due to e.g., urgency or time sensitivity).

Moreover, in that most users of wireless (and in fact other) networks typically are quite asymmetric in their uses (e.g., download bandwidth demanded is typically prevalent over upload bandwidth demanded), extant networks will often allocate more available network and backbone bandwidth to downstream channels for e.g., download, so as to mitigate user delays and loss of user experience. However, the foregoing paradigm may not be applicable in all cases, and in fact, situations may exist where required upstream/upload bandwidth (including that from multiple wireless users to one or more base stations or access points) far outstrips the downstream/download bandwidth, especially at fairly discrete points in time.

Without proper management of network access and parameters relating thereto, such scenarios as noted supra can result in the wireless access corollary of a “traffic jam”; access granted to only a subset of users in e.g., “first come, first served” fashion, with significant bandwidth limitation on each of the users who are lucky enough to obtain access. Clearly, the foregoing approach is not optimal, and results in significant user frustration, especially with the user's service provider.

One current solution for providing a sufficient degree of network access to a selected subset of a larger group of users is to exclude other (non-selected) users from network access. For example, a network can be password protected and the password distributed only to the selected group. These strategies may thus in certain cases provide a necessary degree of access to the selected group of users, yet none of these conventional solutions allows for, inter alia, other users to have a lower degree of access (e.g., access that does not interrupt uplink and/or downlink usage of the selected group of users) to the data network.

Additionally, any extant solutions that could address the foregoing problems require significant “intelligence” at the wireless access point or further up into the supporting distribution network; i.e., the wireless access point must be able to conduct evaluation of the requesting user device and/or user account, which necessitates use of a more complex device, and greater analytical capability in “sniffing” or examining packets and various aspects of the content or other data being transmitted or received by the requesting user (e.g., at higher layers within the protocol stack of the WAP or any associated controller). For example, were access privileges to be determined based on user ID or credentials alone, traffic associated with that user could not be easily identified, especially by a comparatively “dumb” wireless access point (WAP) or controller, and hence would require significant additional signaling and overhead to process selected or high-priority user requests or traffic, such as in maintaining QoS for traffic of the user.

Based on the foregoing, it is clear that while prior art solutions have generally recognized the need for providing network access to a selected group from a pool of users, there is a need for apparatus and methods that provide a greater degree of data network access (e.g., a greater uplink/downlink bandwidth), and control and configurability thereof, to a subset (e.g., selected group) of users, such as within a specific location/venue where many users are aggregated. In certain cases, it would further be desirable to provide a “best effort” degree of data network access (e.g., in some instances, a lesser uplink/downlink bandwidth depending on availability of the network) to other users within the same location/venue as well (as contrasted with provision of a high level of service to the “selected” users, and little or no service to others).

Ideal solutions would also be compatible with standardized hardware/software/operating systems, and be able to be implemented quickly with low development and resource overhead.

SUMMARY

The present disclosure addresses the foregoing needs by providing, inter alia, methods and apparatus for providing selectable degrees of data network access to end-user devices within e.g., a location/venue.

In a first aspect, a controller apparatus is disclosed. In one embodiment, the controller apparatus includes a processor apparatus configured to execute at least one computer program; a storage apparatus configured to store data, the comprising a user status that is at least one of (i) a first user status associated with a first permissible bandwidth consumption, and/or (ii) a second user status associated with a second permissible bandwidth consumption, the second permissible consumption being less than the first permissible consumption; a first data interface in data communication with the processor apparatus and configured for signal communication with a local area wireless network; a second interface data communication with the processor apparatus and configured for signal communication with a network entity of managed content delivery network (CDN); and a computer-readable storage apparatus having at least one computer program comprising a plurality of non-transitory computer readable instructions.

In one variant, the instructions are configured to, when executed by the processor apparatus, cause the apparatus to: receive a first connection request from a first user device via the first interface; determine that the first user device has been associated with the first user status; assign the first permissible bandwidth to the first user device when the first user device is associated with the first user status; provide access to the CDN via the second interface for the first user device consistent with the first permissible bandwidth consumption; receive a second connection request from a second user device via the first interface; determine that the second user device has been associated with the second user status; assign the second permissible bandwidth consumption to the second user device when the second user device is associated with the second user status; and provide access to the CDN via the second interface for the second user device consistent with the second permissible bandwidth consumption.

In another variant, the first user status and the second user status are assigned, respectively, based on respective ones of a location within a venue of each of the first user device and the second user device, the respective ones of the location being one of a higher priority area and a lower priority area.

In a further variant, the first and second user requests respectively comprise first and second media access control (MAC) values associated with the first and second user devices, and the first and second user statuses are respectively assigned based at least on the first and second MAC values; and the controller apparatus is further configured to determine the respective ones of the locations of the first and second user devices based at least on MAC data relating to respective wireless access points (WAPs) associated with the first and second user devices.

In yet another variant, the first user device is in signal communication with a first wireless access point located in the higher priority area and the second user device is in signal communication with a second wireless access point located in the lower priority area; and the first user status is associated with the first wireless access point and the second user status is associated with the second wireless access point. The first wireless access point has a first media access control (MAC) address detectable by the controller apparatus and the second wireless access point has a second MAC address detectable by the controller apparatus; and the first user status is associated with the first MAC address and the second user status is associated with the second MAC address.

In another variant, the first user status and the second user status are assigned, respectively, based on a class of end-user application of each of the first user device and the second user device, the class of end user application being one of a higher bandwidth consumption application class and a lower bandwidth consumption application class.

In another embodiment, the controller apparatus includes: a processor apparatus configured to execute at least one computer program; a storage device in data communication with the processor apparatus; a first data interface in data communication with the processor apparatus and configured for signal communication with a wireless local area network (WLAN) access point; a second interface data communication with the processor apparatus and configured for signal communication with a network entity of managed content delivery network (CDN); and a computer-readable storage apparatus having at least one computer program comprising a plurality of non-transitory computer readable instructions.

In one variant, the instructions are configured to, when executed by the processor apparatus, cause the apparatus to: receive a first service request from a first user device via the first interface, the first service request comprising a device-specific identifier of the first user device; utilize at least a portion of the first service request to authenticate, within the CDN, the first user device as having a privilege associated with the WLAN; receive data indicative of the privilege from the CDN and store the data in the storage device; and subsequently utilize the stored data to cause the access point to recognize subsequent service requests from the first user device, and implement one or more policies for data access according to the privilege.

In another variant, the device-specific identifier comprises a MAC address, and the one or more policies comprises increased upstream data bandwidth for the first user device.

In a further variant, the device-specific identifier comprises a MAC address, use of the MAC address obviating the WLAN or CDN from having to evaluate data contained within a payload of the subsequent service requests for determination of policy.

In another aspect, a method of providing wireless local area network (WLAN)-based services to a plurality of users within a prescribed location is disclosed. In one embodiment, the method includes: receiving a first request from a user device of first user of the plurality at the WLAN, the first request comprising data explicitly identifying the user device and requesting access to a content distribution and delivery network via the wireless local-area network; utilizing the data explicitly identifying the user device to access a network entity to determine a privilege of the user device within the WLAN; obtaining data indicative of the privilege from the network entity; utilizing the data indicative of the privilege to selectively implement at least one WLAN access policy with respect to the user device; and applying a second policy to others of the plurality of users.

In one variant of the method, the WLAN comprises a wireless access point (WAP), the receiving the first request comprises receiving the first request at the WAP, and the method further comprises forwarding at least a portion of the first message to the network entity via a managed content delivery network (CDN) infrastructure. The network entity comprises an entity in data communication with a database of user-specific data both (i) associating the user device with the first user, and (ii) identifying the privilege. The data explicitly identifying the user device comprises for instance a media access control (MAC) address, and the utilizing the data to access a network entity to determine a privilege of the user device within the WLAN comprises accessing the database.

In one implementation, the utilizing the data indicative of the privilege to selectively implement at least one WLAN access policy with respect to the user device comprises: providing the data indicative of the privilege to a controller in data communication with the WAP; and utilizing the provided data within at least one of the WAP and the controller to correlate the privilege with the at least one WLAN access policy.

In another variant, the data explicitly identifying the user device comprises a media access control (MAC) address, and the selectively implementing the at least one WLAN access policy comprises: subsequently identifying a plurality of data associated with the user device of the first user based at least on the MAC address; and handling the identified plurality of data according to the at least one WLAN access policy. The handling the identified plurality of data according to the at least one WLAN access policy comprises for example providing the plurality of data head-of-the-line privilege to available data communications bandwidth of the WLAN. Alternatively, the handling the identified plurality of data according to the at least one WLAN access policy comprises reserving a prescribed portion of available data communications bandwidth of the WLAN for use by the user device.

In another variant, the WLAN comprises a plurality of wireless access points (WAPs), and the method further comprises: determining one of the plurality of WAPs with which the user device has associated; and utilizing the data indicative of the privilege and a location associated with the determined one of the plurality of WAPS to selectively implement the at least one WLAN access policy for the location only.

In a further aspect of the disclosure, a method of providing enhanced wireless local area network (WLAN)-based services to a plurality of users within a prescribed location is disclosed. In one embodiment, the WLAN comprises a plurality of wireless access points, only a portion of which are enabled for provision of the enhanced WLAN-based services, and the method includes: receiving a first request from a user device of first user of the plurality at the WLAN, the first request comprising data explicitly identifying the user device and requesting access to a content distribution and delivery network via the wireless local-area network; utilizing the data identifying the user device to access a network entity to determine a privilege of the user device within the WLAN; obtaining data indicative of the privilege from the network entity; obtaining data relating to a one of the plurality of wireless access points with which the user device is associated; determining that the one wireless access point is enabled for provision of the enhanced WLAN-based services; and utilizing the data indicative of the privilege, and the determination that the one wireless access point is enabled for provision of the enhanced WLAN-based services, to selectively implement at least one WLAN access policy with respect to the user device so as to provide the enhanced WLAN-based services.

In another aspect, a system enabling selectable levels of wireless access for individuals via a WLAN is disclosed. In one embodiment, the system utilizes a plurality of WAPs in a given venue to differentiate services to users (e.g., multiple systems operator or MSO subscribers) based on the user's location within the venue. In one variant, the system utilizes one or more WAP controllers on the back end of the WLAN to implement resource allocation policies as enabled or directed by the MSO's authentication and entitlements infrastructure.

In a further aspect, a method of operating a wireless LAN (WLAN) is disclosed. In one embodiment, the method includes utilizing user device-specific data to differentiate access to enhanced wireless access services so as to obviate higher layer data packet evaluation.

In yet another aspect, a computer-readable apparatus is disclosed. In one embodiment, the computer readable apparatus comprises a storage medium configured to store at least one computer program thereon. In one variant, the computer-readable apparatus is part of a WAP controller in a WLAN-enabled MSO infrastructure. In another variant, the computer-readable apparatus is that of a mobile or end-user device of a user (e.g., subscriber) of the network. In yet another variant, the apparatus is part of a CDN policy or authentication/entitlements server.

In still another aspect, a computer program for use on a mobile device is disclosed. In one embodiment, the computer program comprises an application program (e.g., “app”) rendered in a programming language suitable for operation on a mobile or user device operating system (e.g., a Java-based app for use on an Android™ smartphone), and configured to enable the user's device to optimize its operation within a WLAN. In one variant, the WLAN comprises an enhanced-capability WLAN as described above, and is operated by an MSO of a host CDN. The app allows the user device to locate itself (e.g., via GPS receiver of the mobile device) and determine which of a plurality of WAPs within range of the mobile device at that location is appropriate for the user at that location (e.g., a “VIP” (very important person) or press user located in a press box would only want to utilize the enhanced WAP).

These and other aspects shall become apparent when considered in light of the disclosure provided herein.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a functional block diagram illustrating an exemplary hybrid fiber network configuration useful with various aspects of the present disclosure.

FIG. 1a is a functional block diagram illustrating one exemplary network headend configuration.

FIG. 1b is a functional block diagram illustrating one exemplary local service node configuration useful with various aspects of the present disclosure.

FIG. 1c is a functional block diagram illustrating one exemplary broadcast switched architecture (BSA) network.

FIG. 1d is a functional block diagram illustrating one exemplary packetized content delivery network architecture useful with various aspects of the present disclosure.

FIG. 2 is a logical block diagram of an exemplary selected degree of data network access architecture useful in conjunction with various principles described herein.

FIG. 3 is a functional block diagram illustrating an exemplary wireless access point (WAP) controller useful in conjunction with various principles described herein.

FIG. 4 is a logical flow diagram representing one embodiment of a method for establishing a connection between an end-user device and a WAP.

FIG. 5 is a logical flow diagram representing one embodiment of a method for operating a system used for controlling selectable degrees of data network access according to the present disclosure.

FIG. 6 is a logical flow diagram representing one embodiment of a method for operating a WAP controller used for controlling selectable degrees of data network access according to the present disclosure.

FIG. 7 is logical “ladder” representation of an exemplary call flow of a selectable data network access system useful in conjunction with various principles described herein.

FIG. 8 is a block diagram representing an example auditorium configured with the functionality described herein.

FIG. 9 is a block diagram representing an example sports arena configured with the functionality described herein.

All figures © Copyright 2015 Time Warner Enterprises LLC. All rights reserved.

DETAILED DESCRIPTION

Reference is now made to the drawings wherein like numerals refer to like parts throughout.

As used herein, the term “application” refers generally and without limitation to a unit of executable software that implements a certain functionality or theme. The themes of applications vary broadly across any number of disciplines and functions (such as on-demand content management, e-commerce transactions, brokerage transactions, home entertainment, calculator etc.), and one application may have more than one theme. The unit of executable software generally runs in a predetermined environment; for example, the unit could include a downloadable Java Xlet™ that runs within the JavaTV™ environment.

As used herein, the term “client device” includes, but is not limited to, set-top boxes (e.g., DSTBs), gateways, modems, personal computers (PCs), and minicomputers, whether desktop, laptop, or otherwise, and mobile devices such as handheld computers, PDAs, personal media devices (PMDs), tablets, “phablets”, and smartphones.

As used herein, the term “codec” refers to a video, audio, or other data coding and/or decoding algorithm, process or apparatus including, without limitation, those of the MPEG (e.g., MPEG-1, MPEG-2, MPEG-4/H.264, etc.), Real (RealVideo, etc.), AC-3 (audio), DiVX, XViD/ViDX, Windows Media Video (e.g., WMV 7, 8, 9, 10, or 11), ATI Video codec, or VC-1 (SMPTE standard 421M) families.

As used herein, the term “computer program” or “software” is meant to include any sequence or human or machine cognizable steps which perform a function. Such program may be rendered in virtually any programming language or environment including, for example, C/C++, Fortran, COBOL, PASCAL, assembly language, markup languages (e.g., HTML, SGML, XML, VoXML), and the like, as well as object-oriented environments such as the Common Object Request Broker Architecture (CORBA), Java™ (including J2ME, Java Beans, etc.) and the like.

The term “Customer Premises Equipment (CPE)” refers without limitation to any type of electronic equipment located within a customer's or subscriber's premises and connected to or in communication with a network.

As used herein, the term “display” means any type of device adapted to display information, including without limitation CRTs, LCDs, TFTs, plasma displays, LEDs (e.g., OLEDs), incandescent and fluorescent devices, or combinations/integrations thereof. Display devices may also include less dynamic devices such as, for example, printers, e-ink devices, and the like.

As used herein, the term “DOCSIS” refers to any of the existing or planned variants of the Data Over Cable Services Interface Specification, including for example DOCSIS versions 1.0, 1.1, 2.0, 3.0 and 3.1.

As used herein, the term “headend” refers generally to a networked system controlled by an operator (e.g., an MSO) that distributes programming to MSO clientele using client devices. Such programming may include literally any information source/receiver including, inter alia, free-to-air TV channels, pay TV channels, interactive TV, and the Internet.

As used herein, the terms “Internet” and “internet” are used interchangeably to refer to inter-networks including, without limitation, the Internet.

As used herein, the term “memory” includes any type of integrated circuit or other storage device adapted for storing digital data including, without limitation, ROM. PROM, EEPROM, DRAM, SDRAM, DDR/2 SDRAM, EDO/FPMS, RLDRAM, SRAM, “flash” memory (e.g., NAND/NOR), and PSRAM.

As used herein, the terms “microprocessor” and “processor” or “digital processor” are meant generally to include all types of digital processing devices including, without limitation, digital signal processors (DSPs), reduced instruction set computers (RISC), general-purpose (CISC) processors, microprocessors, gate arrays (e.g., FPGAs), PLDs, reconfigurable computer fabrics (RCFs), array processors, secure microprocessors, and application-specific integrated circuits (ASICs). Such digital processors may be contained on a single unitary IC die, or distributed across multiple components.

As used herein, the terms “MSO” or “multiple systems operator” refer to a cable, satellite, or terrestrial network provider having infrastructure required to deliver services including programming and data over those mediums.

As used herein, the terms “network” and “bearer network” refer generally to any type of telecommunications or data network including, without limitation, hybrid fiber coax (HFC) networks, satellite networks, telco networks, and data networks (including MANs, WANs, LANs, WLANs, internets, and intranets). Such networks or portions thereof may utilize any one or more different topologies (e.g., ring, bus, star, loop, etc.), transmission media (e.g., wired/RF cable, RF wireless, millimeter wave, optical, etc.) and/or communications or networking protocols (e.g., SONET, DOCSIS, IEEE Std. 802.3, ATM, X.25, Frame Relay, 3GPP, 3GPP2, WAP, SIP, UDP, FTP, RTP/RTCP, H.323, etc.).

As used herein, the term “network interface” refers to any signal or data interface with a component or network including, without limitation, those of the FireWire (e.g., FW400, FW800, etc.), USB (e.g., USB2), Ethernet (e.g., 10/100, 10/100/1000 (Gigabit Ethernet), 10-Gig-E, etc.), MoCA, Coaxsys (e.g., TVnet™), radio frequency tuner (e.g., in-band or OOB, cable modem, etc.), Wi-Fi (802.11), WiMAX (802.16), Zigbee®, Z-wave, PAN (e.g., 802.15), power line carrier (PLC), or IrDA families.

As used herein, the term “QAM” refers to modulation schemes used for sending signals over cable networks. Such modulation scheme might use any constellation level (e.g. QPSK, 16-QAM, 64-QAM, 256-QAM, etc.) depending on details of a cable network. A QAM may also refer to a physical channel modulated according to the schemes.

As used herein, the term “server” refers to any computerized component, system or entity regardless of form which is adapted to provide data, files, applications, content, or other services to one or more other devices or entities on a computer network.

As used herein, the term “storage” refers to without limitation computer hard drives, DVR device, memory, RAID devices or arrays, optical media (e.g., CD-ROMs, Laserdiscs, Blu-Ray, etc.), or any other devices or media capable of storing content or other information.

As used herein, the term “Wi-Fi” refers to, without limitation, any of the variants of IEEE-Std. 802.11 or related standards including 802.11 a/b/g/n/s/v/ac or 802.11-2012.

As used herein, the term “wireless” means any wireless signal, data, communication, or other interface including without limitation Wi-Fi, Bluetooth, 3G (3GPP/3GPP2), HSDPA/HSUPA, TDMA, CDMA (e.g., IS-95A, WCDMA, etc.), FHSS, DSSS, GSM, PAN/802.15, WiMAX (802.16), 802.20, Zigbee®, Z-wave, narrowband/FDMA, OFDM, PCS/DCS, LTE/LTE-A, analog cellular, CDPD, satellite systems, millimeter wave or microwave systems, acoustic, and infrared (i.e., IrDA).

Overview

In one aspect, the present disclosure provides a “selectable” data network access system and methods relating thereto. In one exemplary embodiment, the system is intended to reserve or allocate a greater degree of access to a data network, such as for selected users that require and/or request such. Specifically, the exemplary system is configured to provide a greater degree of data network access and/or performance (e.g., a greater uplink/downlink bandwidth, a greater permissible bandwidth consumption, higher priority, better quality/QoS, etc.) to a selected group of users within a location/venue. In one implementation, the foregoing features are provided while also providing a “best effort” data network access (e.g., in some instances a lesser uplink/downlink bandwidth depending on availability of the network, a lesser permissible bandwidth consumption, priority, quality, etc.) to other users; i.e., users other than those in the selected group of users, within the same location/venue after accommodating the higher priority delivery.

Accordingly, in one example scenario, sufficient uplink bandwidth can be selectively provided to members of the media for rapid upload of media content to their respective corporate or third-party servers, while maintaining lower level data network access to other users. In another example scenario, superior wireless service (e.g., faster, better quality, more expansive choices, no advertising, etc.) can be provided to so-called “VIP” users, while maintaining lower-level data network access to other users. In one variant, the user's resource allocation within the wireless access network (e.g., a Wi-Fi WLAN) is determined based on a media access control (MAC) ID or address associated with the user's device, thereby advantageously obviating more detailed or sophisticated analysis required to evaluate the user and his/her needs.

In another variant, the degree and/or “quality” of network access is region- or area-specific, leveraging the ability of the network operator to differentiate location of users based on association of the user's wireless device to a given wireless access point (and hence resolving their range from the access point to within a given region). In one implementation, the user's association with a given WAP is determined by MAC address of the access point hardware.

In addition, security and redundancy schemes may be advantageously deployed consistent with the various aspects disclosed herein.

Methods of operating the foregoing system, including methods of enhancing subscriber satisfaction and conducting business, are also disclosed.

Detailed Description

As referenced above, various aspects of the present disclosure are directed to schemes for providing a solution that, in real time, allocates wireless and network resources to particular users and/or locations.

Specifically, exemplary implementations of the foregoing schemes described herein allow the degree of data network access or functionality to be location-specific. For example, the selected group of users may be located in one or more high priority regions of a venue (e.g., a press box, exhibition floor, VIP area, etc.). The selected group of users in such higher priority regions may be assigned a first user status that is associated with a higher permissible bandwidth consumption or other desired functionality (e.g., low latency and/or high throughput data network access, isochronous data transmission, etc.). Other users may be located in one or more lower-priority regions of the venue. Users in the one or more lower-priority regions may be assigned a second user status that is associated with a lower permissible bandwidth consumption and/or less feature-rich service. Thus, sufficient resources (such as upstream bandwidth) are reserved for the selected group of users, despite network activity of other users.

For example, in some instances, a selected group of the user pool may include one or more members of the press, such as reporters, videographers, and/or other media representatives. It may be desirable to provide the members of the press with a greater degree of network access (e.g., uplink bandwidth) so that they may upload media content (e.g., screenshots, photos, video, written content, etc.) in a timely manner, which is critical to news reporting. In another example, a selected group of the user pool may include one or more VIP guests to whom it is desirable to provide a greater degree of network access, such as foreign dignitaries or their support staff, who require timely access to information (both downlink and uplink).

In yet another example, a selected group of the user pool may include users who pay for a greater degree of network access, or who are subscribers of the MSO or other network operator that is providing the network access.

In even another example, a selected group of users can include users having an end-user device (e.g., audio visual recording equipment, high definition camera, etc.) and/or one or more end user applications (e.g., streaming multimedia applications, file transfer protocol (FTP) applications, etc.) that consume a greater degree of bandwidth. Those of ordinary skill in the related arts will readily appreciate that bandwidth is merely one metric for connectivity; other important requirements for network connectivity may include e.g., latency, throughput, QoS, and/or lossless delivery, etc.

In some variants, the degree of data network access is access pass-specific. For instance, the selected group of users may be those having a higher access pass (e.g., pre-paid or pre-issued access pass) associated with their respective end-user devices based on e.g., a device-specific ID such as MAC. The selected group of users having higher access passes may be assigned a first user status that is associated with a higher permissible bandwidth consumption. The selected group of users (e.g., members of the media, VIP users, etc.) may then be provided with a greater degree of network access (e.g., low latency and/or high throughput data network access, isochronous data transmission, etc.). Other users may have a lower access pass (e.g., free access pass) associated with their respective end-user devices, which may then be assigned a second user status that is associated with a lower permissible bandwidth consumption. Users assigned the second user status may then be provided with a lesser degree of network access (e.g., high latency and/or low throughput data network access, asynchronous data transmission, etc.). Thus, as in the example above, sufficient bandwidth is reserved for the selected group of users, despite network activity of other users.

In additional variants, the system may be configured to automatically switch a user to a different access pass upon expiration of the currently in-use pass. Accordingly, if a user device is accessing the network via a higher access pass and the higher access pass expires, the user device can be automatically switched to a lower access pass (e.g., a free access pass). Conversely, if a user device is accessing the network via lower access pass and the lower access pass expires, the user device can automatically switch to a higher access pass (e.g., a pre-paid access pass).

Additionally or alternatively, further variant systems and methods of the present disclosure may include assigning the first user status (associated with the higher permissible bandwidth access) and the second user status (associated with the lower permissible bandwidth access) based on a classification of the end-user device and/or end user application. For example, a higher bandwidth consumption end-user device (e.g., audio visual equipment, high definition (HD) cameras) may be assigned the first user status, while a lower bandwidth consumption end-user device (e.g., text devices, low resolution devices, etc.) may be assigned the second user status. In another example, a higher bandwidth consumption end user application (e.g., streaming multimedia application, file transfer protocol (FTP) applications, etc.) may be assigned the second user status, while a lower bandwidth consumption end user application (e.g., text applications, social media applications, etc.) may be assigned the second user status.

Other variants of the present disclosure envision additional degrees of permissible bandwidth consumption (e.g., a third user status having a medial permissible bandwidth consumption) for scenarios where it is desirable to have more than two tiers of data network access service. Still other variants of the present disclosure may include shared bandwidth amongst a portion of users (e.g., a selected group of the higher priority users share a fixed bandwidth), in-home embodiments (e.g., selected higher priority users designated within a residential network), and/or opt-in/opt-out services (e.g., a user can opt out of higher priority service).

Accordingly, the foregoing aspects and exemplary embodiments of the apparatus and methods of the present disclosure are now described in detail. While these exemplary embodiments are described in the context of a wireless network (e.g., WLAN) in data communication with a managed hybrid fiber coax (HFC) cable architecture having a multiple systems operator (MSO), the general principles and advantages of the disclosure may be extended to other types of networks and architectures that are configured to deliver digital media data (e.g., text, video, audio, executables, data files and archives, etc.). Such other networks or architectures may be broadband, narrowband, wired or wireless, or otherwise, the following therefore being merely exemplary in nature.

As but one example, the methods and apparatus provided herein could be applied to a so-called “Internet-of-things” or IoT system whereby certain types, functions, or classes of wireless-enabled devices are granted access or privileges or features as compared to other non-privileged devices within, e.g., an intra-premises or inter-premises network such as a PAN or Zigbee network.

It will also be appreciated that while described generally in the context of a network providing service to a customer or consumer (i.e., residential) end user domain, the present disclosure may be readily adapted to other types of environments including, e.g., commercial/enterprise, research and development, and government/military applications. Myriad other applications are possible.

Also, while certain aspects are described primarily in the context of the well-known Internet Protocol (described in, inter alia, Internet Protocol DARPA Internet Program Protocol Specification, IETF RCF 791 (September 1981) and Deering, et al., Internet Protocol, Version 6 (IPv6) Specification, IETF RFC 2460 (December 1998) each of which is incorporated herein by reference in its entirety), it will be appreciated that the present disclosure may utilize other types of protocols (and in fact bearer networks to include other internets and intranets) to implement the described functionality.

Other features and advantages of the present disclosure will immediately be recognized by persons of ordinary skill in the art with reference to the attached drawings and detailed description of exemplary embodiments as given below.

Service Provider Network—

FIG. 1 illustrates a typical service provider network configuration useful with the features of the wireless network described herein. This service provider network 100 is used in one embodiment of the disclosure to provide backbone and Internet access from the service provider's wireless access points (e.g., those in a populated area or venue such as previously described). As opposed to an unmanaged network, the managed service-provider network of FIG. 1 advantageously allows, inter alia, control and management of a given user's access via the wireless access point(s), including imposition and/or reconfiguration of the access “rules” applied to the wireless access points. As but one example, the wireless access points (see discussion of FIG. 2 infra) disposed at the service location (e.g., stadium) can be coupled to the bearer managed network (FIG. 1) via e.g., a cable modem termination system (CMTS) and associated local DOCSIS modem at the venue, a wireless bearer medium (e.g., an 802.16 WiMAX system), a fiber-based system such as FiOS or similar, a third-party medium which the managed network operator has access to (which may include any of the foregoing), or yet other means.

Advantageously, the service provider network 100 also allows components at the service location (e.g., Wi-Fi APs and any supporting infrastructure such as routers, switches, MIMO or modulation coding scheme (MCS) or other physical layer (PHY) configurations, etc.) to be remotely reconfigured by the network MSO, based on e.g., prevailing operational conditions in the network, changes in user population and/or makeup of users at the service location, business models (e.g., to maximize profitability), etc. This is especially true in the exemplary context of subscribers of the managed network which, based on subscription level, tenure, client equipment, or other factors may be included or removed from certain subsets of the potential user population at the venue, given access to different features or privileges, etc. (as compared to say, an unaffiliated generic or opportunistic user who just happens to be at the venue with a Wi-Fi-enabled device).

The various components of the exemplary embodiment of the network 100 include (i) one or more data and application origination points 102; (ii) one or more content sources 103, (iii) one or more application distribution servers 104; (iv) one or more VOD servers 105, and (v) customer premises equipment (CPE) 106. The distribution server(s) 104, VOD servers 105 and CPE(s) 106 are connected via a bearer (e.g., HFC) network 101. A simple architecture comprising one of each of the aforementioned components 102, 103, 104, 105, 106 is shown in FIG. 1 for simplicity, although it will be recognized that comparable architectures with multiple origination points, distribution servers, VOD servers, and/or CPE devices (as well as different network topologies) may be utilized consistent with the present disclosure. For example, the headend architecture of FIG. 1a (described in greater detail below), or others, may be used.

Also shown in FIG. 1 are exemplary wireless access points (WAPs), discussed in greater detail below, which are serviced (backhauled) via one or more of a coaxial cable backhaul or an optical fiber backhaul, although yet other approaches may be used consistent with the disclosure (e.g., millimeter wave). For example, the WAPs may be serviced by one or more coaxial drops to the WAP location(s) from e.g., a DOCSIS cable modem (e.g., one of the CPE 106 shown in FIG. 1) and local “backbone”. Alternatively, a direct fiber drop (e.g., FTTH or FTTC) may be used as shown. Any number of different configurations will be appreciated by those of ordinary skill in the art given the present disclosure.

FIG. 1a shows one exemplary embodiment of a headend architecture is described. As shown in FIG. 1a , the headend architecture 150 comprises typical headend components and services including billing module 152, subscriber management system (SMS) and CPE configuration management module 154, cable-modem termination system (CMTS) and OOB system 156, as well as LAN(s) 158, 160 placing the various components in data communication with one another. It will be appreciated that while a bar or bus LAN topology is illustrated, any number of other arrangements as previously referenced (e.g., ring, star, etc.) may be used consistent with the disclosure. It will also be appreciated that the headend configuration depicted in FIG. 1a is high-level, conceptual architecture, and that each MSO may have multiple headends deployed using custom architectures.

The exemplary architecture 150 of FIG. 1a further includes a conditional access system (CAS) 157 and a multiplexer-encrypter-modulator (MEM) 162 coupled to the HFC network 101 adapted to process or condition content for transmission over the network. The distribution servers 164 are coupled to the LAN 160, which provides access to the MEM 162 and network 101 via one or more file servers 170. The VOD servers 105 are coupled to the LAN 160 as well, although other architectures may be employed (such as for example where the VOD servers are associated with a core switching device such as an 802.3z Gigabit Ethernet device). As previously described, information is carried across multiple channels. Thus, the headend must be adapted to acquire the information for the carried channels from various sources. Typically, the channels being delivered from the headend 150 to the CPE 106 (“downstream”) are multiplexed together in the headend, as previously described and sent to neighborhood hubs (FIG. 1b ) via a variety of interposed network components.

Content (e.g., audio, video, data, files, etc.) is provided in each downstream (in-band) channel associated with the relevant service group. To communicate with the headend or intermediary node (e.g., hub server), the CPE 106 may use the out-of-band (OOB) or DOCSIS channels and associated protocols. The OCAP 1.0, 2.0, 3.0 (and subsequent) specification provides for exemplary networking protocols both downstream and upstream, although the present disclosure is in no way limited to these approaches.

FIG. 1c illustrates an exemplary “switched” network architecture which may be used consistent with the present disclosure for, inter alia, provision of services to the venue(s) of interest. Specifically, the headend 150 contains switched broadcast control 190 and media path functions 192; these element cooperating to control and feed, respectively, downstream or edge switching devices 194 at the hub site which are used to selectively switch broadcast streams to various service groups. BSA (broadcast switched architecture) media path 192 may include a staging processor 195, source programs, and bulk encryption in communication with a switch 275. A BSA server 196 is also disposed at the hub site, and implements functions related to switching and bandwidth conservation (in conjunction with a management entity 198 disposed at the headend). An optical transport ring 197 is utilized to distribute the dense wave-division multiplexed (DWDM) optical signals to each hub in an efficient fashion.

In addition to “broadcast” content (e.g., video programming), the systems of FIGS. 1a and 1c (and 1 d discussed below) also deliver Internet data services using the Internet protocol (IP), although other protocols and transport mechanisms of the type well known in the digital communication art may be substituted. One exemplary delivery paradigm comprises delivering MPEG-based video content, with the video transported to user PCs (or IP-based STBs) over the aforementioned DOCSIS channels comprising MPEG (or other video codec such as H.264 or AVC) over IP over MPEG. That is, the higher layer MPEG- or other encoded content is encapsulated using an IP protocol, which then utilizes an MPEG packetization of the type well known in the art for delivery over the RF channels. In this fashion, a parallel delivery mode to the normal broadcast delivery exists; i.e., delivery of video content both over traditional downstream QAMs to the tuner of the user's STB or other receiver device for viewing on the television, and also as packetized IP data over the DOCSIS QAMs to the user's PC or other IP-enabled device via the user's cable modem. Delivery in such packetized modes may be unicast, multicast, or broadcast.

Referring again to FIG. 1c , the IP packets associated with Internet services are received by edge switch 194, and in one embodiment forwarded to the cable modem termination system (CMTS) 199. The CMTS examines the packets, and forwards packets intended for the local network to the edge switch 194. Other packets are discarded or routed to another component.

The edge switch 194 forwards the packets receive from the CMTS 199 to the QAM modulator 189, which transmits the packets on one or more physical (QAM-modulated RF) channels to the CPE. The IP packets are typically transmitted on RF channels (e.g., DOCSIS QAMs) that are different that the RF channels used for the broadcast video and audio programming, although this is not a requirement. The CPE 106 are each configured to monitor the particular assigned RF channel (such as via a port or socket ID/address, or other such mechanism) for IP packets intended for the subscriber premises/address that they serve.

While the foregoing network architectures described herein can (and in fact do) carry packetized content (e.g., IP over MPEG for high-speed data or Internet TV, MPEG2 packet content over QAM for MPTS, etc.), they are often not optimized for such delivery. Hence, in accordance with another embodiment of the disclosure, a “packet optimized” delivery network is used for carriage of the packet content (e.g., IPTV content). FIG. 1d illustrates one exemplary implementation of such a network, in the context of a 3GPP IMS (IP Multimedia Subsystem) network with common control plane and service delivery platform (SDP), as described in co-pending U.S. Provisional Patent Application Ser. No. 61/256,903 filed Oct. 30, 2009 and entitled “METHODS AND APPARATUS FOR PACKETIZED CONTENT DELIVERY OVER A CONTENT DELIVERY NETWORK”, which is now published as U.S. Patent Application Publication No. 2011/0103374 of the same title filed on Apr. 21, 2010, each of which is incorporated herein by reference in its entirety. Such a network provides, inter alia, significant enhancements in terms of common control of different services, implementation and management of content delivery sessions according to unicast or multicast models, etc.; however, it is appreciated that the various features of the present disclosure are in no way limited to this or any of the other foregoing architectures.

Selectable Data Network Access Architecture—

FIG. 2 illustrates a logical block diagram of an exemplary configuration of a selectable data network access architecture 200 consistent with the present disclosure. The architecture 200 of FIG. 2 can be thought of as somewhat of a “logical overlay” of the various hardware and component topologies of FIGS. 1-1 d herein, and illustrates and end-to-end abstraction or conceptual architecture to further illustrate the operation of the exemplary system of the disclosure.

Moreover, while the architecture 200 of FIG. 2 is described in the context of an Internet Protocol (IP) network (e.g., one using an IP protocol over a transport control protocol (TCP) transport), it will be recognized that the principles of the disclosure may be extended to other transport modalities and network paradigms.

The architecture of FIG. 2 provides, inter alia, selectable degrees of data network access to a user devices 202 via a connection to a network 204 (e.g., a content delivery network (CDN) such as those of FIGS. 1-1 d) through a regional data center 206. In one embodiment of the present disclosure, the network 204 comprises an internet, such as e.g., the Internet. The network 204 may also be in communication with a national data center 208, one or more public internet locations 212, and/or a service platform 214.

In the illustrated embodiment, the national data center 208 includes load balancers 216, remote authentication dial-in user service (RADIUS) servers 218, a lightweight directory access protocol (LDAP) 220, a broadband provisioning system (BPS) 222, a cable modem termination system (CMTS) 224, a dynamic host configuration protocol (DHCP) 226, and a trivial file transfer protocol (TFTP)/application server 228. It will be appreciated that in alternate embodiments, the national data center 208 may include fewer or additional protocols, servers, directories, and/or other components, the configuration of FIG. 2 merely exemplary in this regard.

Further, in the illustrated embodiment, the service platform 214 includes a mail exchange server (EES) 230, a personalized server (PS) 232, a streaming/content server 234, a subscriber database 236, an application server 238, a commercial server 240, and a thin client update server 242. Similarly, in alternate embodiments, the service platform 214 may include fewer or additional servers, data bases, and/or other components.

As shown in FIG. 2, access of end-user devices 202 to the network 204 is regulated and/or controlled by the regional data center 206. The regional data center 206 includes wireless access point (WAP) controllers 244 (244 a, 244 b, 244 c) (i.e., controller apparatus) each in signal communication with one of wireless access points (WAPs) 246 (246 a, 246 b, 246 c). It will be appreciated that the aforementioned signal communication may comprise one or both of “wired” (e.g., copper, optical, etc.) and wireless communication, although in many embodiments, best bandwidth capacity is typically achieved via cable or optical fiber drops to the WAPs. It will be further appreciated that although three WAPs and WAP controllers are shown in FIG. 2, the system architecture can include more or fewer WAPs and/or corresponding WAP controllers (e.g., two, five, six, etc.). Further, in other examples, a single WAP controller can be configured to control/regulate more than one WAP in the system architecture, or conversely, multiple controllers can be utilized to control a single or lesser number of WAPs (such as e.g., where logical control functions or processes affecting a single WAP are distributed across two or more controllers, for purposes of redundancy, etc.); hence, the illustrated architecture 200 of FIG. 2 is merely logical (conceptual) for purposes of illustration, and does not necessarily represent actual component configurations in an implementation.

The WAPs 246 are in the exemplary embodiment devices that allow the end-user devices 202 to connect to a wired or other network, such as the network 204 shown, using wireless technology (e.g., Wi-Fi or other limited-range wireless multi-user access technology). In some examples, the WAPs are each configured to provide a wireless local area network (WLAN) accessible to user devices within a physical range of the WAP, transmit a beacon frame to announce the presence of the wireless LAN (for use by the wireless-enabled end-user devices within range), and receive probe requests from these end-user devices in order to establish communications between a given WAP and end-user device(s). The range of the WAP can vary depending on placement, obstructions, type of antenna, weather, operating frequency, etc., but is typically limited to a range within approximately a 100 ft. radius of the WAP. Accordingly, end-user devices that are within range of the WAP can access the network via the corresponding provided WLAN, while end-user devices outside of the range of the WAP are unable to access the associated WLAN, and thus are unable to access the network. Thus, in the example depicted in FIG. 2, the end-user devices 202 a are within range of the WAP 246 a, the end-user devices 202 b are within range of the WAP 246 b, and the end-user devices 202 c are within range of the WAP 246 c. It is appreciated that there is typically at least some overlap between the WAPs in terms of coverage, such that a given user device can associate with one of a plurality of possible WAPs at a given location.

As stated above, each of the WAP controllers 244 is in signal communication with at least one of the WAPs 246. Additionally, as indicated in FIG. 2, each of the WAP controllers 244 is in further signal communication with one or more switches 248, policy servers 250 (250 a, 250 b), and network address translation (NAT) routers 252 (252 a, 252 b), which allow access to the network 204. In other words, a second interface of each of the WAP controllers 244 is in signal communication with the network 204 (e.g., a CDN).

In the illustrated implementation, the WAP controllers 244 are each in direct communication with both of the switches 248 (248 a, 248 b) so as to permit, inter alia, cross-connect between them if desired. The switches 248 are network switches configured to connect the various wireless LANs (i.e., wireless LANs generated by WAPs 246 and WAP controllers 244) into a combined wired LAN (i.e., a larger LAN), such as for example for serving a specific location/venue, and allow communication between the WAP controllers 244 and the policy servers 250 and the NAT routers 252.

The above described components located within the regional data center 206 (e.g., WAPs 246, WAP controllers 244, NATs 252, policy servers 250, etc.) are in the illustrated embodiment in communication with one or more authentication, authorization, and accounting (AAA) servers (not shown) at the national data center 208 (e.g., a subsection of the RADIUS servers). The AAA servers are configured to provide, inter alia, authorization services and facilitate tracking and/or control of files at the TCP/IP level. In general, the AAA servers accept access control requests, process the requests against a formal set of statements that define allocation of the network 204 resources, and return access control responses. Network resources can be allocated based on client authorization privileges (or so-called “entitlements”, such as via an entitlement management message (EMM); see also e.g., the exemplary methods and apparatus described in co-owned U.S. patent application Ser. No. 12/536,724, filed on Aug. 6, 2009 and entitled “System And Method For Managing Entitlements To Data Over A Network”, now U.S. Pat. No. 8,341,242, which is incorporated herein by reference in its entirety, which may be used consistent with the present disclosure for such functions), availability of network resources, and/or any other factors the network manager may specify when composing the policy. Further, authentication, authorization, and accounting provide a framework for intelligently controlling access to computer resources, enforcing policies, auditing usage, and providing the information necessary to bill for services.

Authentication processes in the illustrated implementation are configured to identify a user, typically by having the user enter a valid user name and valid password before access is granted. The process of authentication may be based on each user having a unique set of criteria or credentials (e.g., unique user name and password, challenge questions, entry of biometric data, entry of “human” verification data such as “Captcha” data, etc.) for gaining access to the network 204 at the TCIP/IP level. Specifically, the AAA servers may compare a user's authentication credentials with user credentials stored in a database. If the authentication credentials match the stored credentials, the user may then be granted access to the network 204. If the credentials are at variance, authentication fails and network access may be denied.

Following authentication, the AAA servers are configured to grant a user authorization for certain features, functions, and/or doing certain tasks. After logging into a system, for instance, the user may try to issue commands. The authorization process determines whether the user has the authority to issue such commands. Simply put, authorization is the process of enforcing policies: determining what types or qualities of activities, resources, or services a user is permitted. Usually, authorization occurs within the context of authentication. Once a user is authenticated, they may be authorized for different types of access or activity. A given user may also have different types, sets, or levels of authorization, depending on any number of aspects. For instance, a given “press” user (described subsequently herein) may only have press-related credentials (and hence access to one or more of the enhanced features described herein) within certain time windows or in certain circumstances, such as when the user is attending an event at a venue in their official capacity as a Press representative. In one variant, the AAA (or other entity) receives data from a third-party server or proxy relating to authorizations to be granted to an individual at certain times/event (e.g., “John Smith is authorized for Press access at Concert A on date xx-yy-zzzz, but not Concert B on date aa-bb-cccc” or the like).

The AAA servers may be further configured for accounting, which measures the resources a user consumes during access. This may include the amount of system time or the amount of data a user has sent and/or received during a session, somewhat akin to cellular data plans based on so many consumed or available Gb of data. Accounting may be carried out by logging of session statistics and usage information, and is used for, inter alia, authorization control, billing, trend analysis, resource utilization, and capacity planning activities. It will be appreciated that in other examples, one or more AAA servers can be located at the regional data center, and may be linked to a third-party or proxy server, such as that of an event management entity.

After a user is granted access to the network 204 via the AAA servers, a unique ID of the user device (e.g., a MAC address) is provided to the policy servers 250 in communication with the WAP controllers 244. The policy servers 250 (i.e. WAP policy servers) are, in the exemplary implementation, substantially security components within regional data center 206 (i.e., local policy servers) for regulating access to the wired LAN and enforcing selectable degree of data network access policies for the WAP controllers. Specifically, policy servers 250 are configured to, in combination with WAP controllers 244, implement the “selectable” degree of data network access protocols (such as by implementing the method 600 shown in FIG. 6). In general, the policy servers accept access control requests at the local level (e.g., media access control (MAC) layer), process the requests against a formal set of statements or rules that define allocation of the wired LAN's resources, and return access control responses. The wired LAN resources are allocated via the policy servers 250 based on, in one variant, an assigned user status associated with the end-user device identifying information (e.g., MAC address). As described elsewhere herein, user status may be assigned based on any one or more of a variety of different considerations or parameters, such as (i) location within a venue of the user device, (ii) a class of end-user device, (iii) a class of end user application, and/or (iv) an access pass associated with the user device.

The NAT routers 252 are configured to connect the wired LAN of the location/venue to external networks, such as the network 204, and are in direct communication with the external network. Though not specifically shown, each of the NAT routers 252 may each include a processing apparatus, memory, and/or a storage apparatus with computerized logic such as e.g., computer programs, which may include NAT tables to perform translation/switching capabilities between a source (e.g., one or end the end-user devices 202) and another device.

The NAT routers 252 may for example map multiple private IP addresses (e.g., IP addresses for each of WAPs 246 provided by a DHCP server residing in a CMTS environment such as that of FIG. 1c , IP addresses for each of end-user devices 202, etc.) to one or more publicly exposed IP addresses assigned by an Internet service provider. As is known, network address translation (NAT) is a scheme of mapping for instance an IP address space into another by modifying network address information in IP packet headers while in transit across a traffic routing device. Destination NAT (DNAT) is a technique for transparently changing the destination IP address of an end route packet and performing the inverse function for any replies. Source NAT (SNAT) is a technique for transparently changing the source IP address of a packet and performing the inverse function for any replies.

In one exemplary implementation of the present disclosure, as data passes from the LAN to the external network (i.e., network 204), the source address in each data packet may be translated from a private address to the public address via the NAT routers. Further, the NAT routers may track basic data about each active connection (particularly the destination address and port). When a reply returns to the NAT routers, they may use the connection tracking data stored during the outbound phase to determine the private address on the internal network to which to forward the reply. Furthermore, the NAT routers 252 may be configured to establish Transmission Control Protocol (TCP)/IP connections. These connections may utilize, e.g., Real Time Protocol (RTP) or Real Time Streaming Protocol (RTSP) via User Datagram Protocol (UDP).

Exemplary WAP Controller and WAP Policy Server—

Referring now to FIG. 3, a functional block diagram illustrating an exemplary wireless access point (WAP) controller (one of the WAP controllers 244) and an exemplary policy server (one of policy servers 250) is disclosed. The WAP controller 244 comprises a processing apparatus 302 (i.e., a processor), memory 304 (i.e., a storage apparatus), and is in communication with the network backbone 204 (i.e., part of the MSO content delivery network (CDN)), switches 248, policy servers 250, the NAT routers 252, wireless access points (WAPs) 246, and/or the end-user device 202 via (network) interfaces 306. Specifically, the interfaces 306 can include a first interface in signal communication with a wireless network (e.g., the WAPs 246) and a second interface in signal communication with the backbone of the content delivery network (CDN) 204. These interfaces might comprise for instance GbE (Gigabit Ethernet) or other interfaces of suitable bandwidth capability to support the operation of the WLAN (customer side) and wireline LAN. In one variant, the WAPs include a coaxial cable interface and modem capable of communicating with the WAP controllers via coaxial cable drops to the premises/venue, akin to extant customer installations for the HFC-based networks of FIGS. 1-1 d. For instance, in one implementation utilized by the Assignee hereof, all traffic (including data, control, management) are sent to the MSO backbone, which utilizes a plurality of “drops” (e.g., coax cable) which are serviced by the HFC network and CMTS (FIGS. 1-1 c herein) to one or more wireless core networks in regional data centers (RDCs) where the WAP Controllers are located.

The processing apparatus 302 is configured to execute at least one computer program stored in memory 304 (e.g., non-transitory computer readable storage media). The computer program may include a plurality of computer readable instructions for operating the WAP controller 244, such as e.g., using the method shown in FIG. 5 (described in detail elsewhere herein). The memory 304 may additionally locally store other data (e.g., user status, permissible bandwidth consumption, etc.), or such data may be stored remotely within the MSO's managed network (or at a third-party service provider used to maintain/analyze such data).

As shown in FIG. 3, the WAP controller 244 is in data communication with one or more policy servers 250, which enforce(s) or implements the desired “selectable” data network access policies for the wireless local area network (LAN) provided by WAPs 246. It will be appreciated that in other configurations contemplated by the present disclosure, the policy server may be made physically integral to the WAP controller, and/or one or more of its logical processes may be integrated therewith (such as using a common application or other computer program or resource to perform the various desired controller and policy functions). In this fashion, certain policy functions may be delegated to entities closer to the service location (e.g., venue), which may provide access to data which has not yet (or cannot) propagate further upstream into the MSO network.

In one embodiment, the policy server 250 comprises a processing apparatus 310 (i.e., a processor), memory 312 (i.e., a storage apparatus), and is in communication with the backbone of the CDN 204, switches 248, policy servers 250, the NAT routers 252, wireless access points (WAPs) 246, and/or the end-user device 202, via one or more interfaces 314.

In one embodiment, the processing apparatus 310 of the policy server is configured to execute at least one computer program stored in memory 312 (e.g., non-transitory computer readable storage media). The computer program may e.g., implement the exemplary methods for operating the WAP controller 244 and/or the policy server 250 as shown in FIGS. 4-6 (described in detail elsewhere herein).

The operation of the WAP controller(s) 244 and the policy server(s) 250 are described elsewhere herein, such as, inter alia, in reference to methods 400, 500, and 600 shown in FIGS. 4-6, respectively.

Methods—

Referring now to FIGS. 4 and 5, exemplary embodiments of methods for operating the various components of the regional data center 206, including the wireless access point (WAP) controllers 244 and the policy servers 250, and for associating an end-user device with a WAP, are described.

One exemplary method 400 for associating an end-user device with a WAP is shown in FIG. 4 herein. First, at step 402, the WAP emits a beacon frame, which is a periodically emitted signal announcing the presence of the WAP within the wireless local access network (LAN).

At step 404, an end-user device receives and/or detects the beacon frame, and in turn sends a probe request to the WAP, requesting information from the specific access point. In response to receipt of the probe request, at step 406, the WAP sends a probe response to the requesting end-user device. The end-user device then sends an authentication request to the WAP at step 408, and the authentication data (e.g., a local WAP password such as a guest password) from the user device is verified by the WAP at step 410.

In response to receipt of an unacceptable authentication request, at step 412, the WAP denies access to the wireless LAN for end-user device. Alternatively, if the WAP receives an acceptable authentication request, at step 414, the WAP sends an approved authentication response to the requesting end-user device.

At step 416, the end-user device then sends an association response to the WAP. In response to receipt of the association request, at step 418, the WAP sends an association response to the requesting end-user device in order to complete association of the end-user device and the WAP.

It will be appreciated that method 400 is just one example method for association of an end-user device and a WAP, and other methods having fewer or additional steps can alternatively be included.

Moreover, different types of authentication or “credentialing” can be utilized consistent with the methodology of FIG. 4. For example, in one variant, the user's credentials are generally ubiquitous or consistent with their access across the MSO's entire network, such as where the user's ID or username can be used to access various heterogeneous functions with the MSO's network, such as content on-demand, DOCSIS modem Internet access at their premises, etc. Alternatively, the WLAN user credentials can be made specific to the WLAN function, or even subsets of the WLAN access function (e.g., separate credentials for the user's “VIP Press Pass” function versus other functions).

It will also be recognized that access to one or more functions can be gated or conditional on various information. For example, in one implementation, a user attempting to associate with a given WAP will be first challenged to provide credentials to authenticate to the AAA server (e.g., user ID, password, biometric data such as a thumb print on a smartphone capacitive touch screen, facial recognition, etc.). Once the identity of the user is verified, for example as being a valid MSO subscriber, the MAC address or other data indicative of the particular user device is passed upstream as described elsewhere herein in order to verify that the particular user device is in fact associated with the user, and in fact is authorized for the enhanced policy implementation by the WAP/WAP controller.

In another implementation, the MAC address is utilized by itself to authenticate the user; i.e., the presumption being that the user is in fact in possession of their own device, and the unique device MAC address (presumably registered in the MSO authentication database) need only be validated as being associated with an MSO subscriber who has enhanced policy privileges.

In another implementation, the MAC address and information about the associated WAP are used by the MSO to authenticate the user (e.g., as an MSO subscriber validate) and to validate their access to the enhanced wireless access policy at the particular WAP —this is in contrast to a “blanket” authorization as described elsewhere herein (i.e., authentication as an MSO customer with privilege enables immediate access to the enhanced wireless services, wherever they may be offered). For instance, the MSO AAA server may be consulted for (i) the authentication, (ii) to verify that the MAC address of the user's device is registered with the user (MSO subscriber), and (iii) that the MAC address or location data associated with the WAP which the user device is attempting to access is in fact authorized for that user (e.g., a particular press member is authorized by U.S. Secret Service for entry into the Press Box at a Presidential debate, and attendant access to a WAP covering that Press Box).

In yet another implementation, the MAC address can be used by itself in authenticating to a third party authentication server (whether directly or via the MSO CDN). For instance, at the aforementioned Presidential debate, press members may need to be cleared by U.S. Secret Service, including their media or personal electronic devices being validated/identified by the MAC address in a database maintained by the Secret Service. Hence, when the user associates with a WAP in the “Press Box”, the MAC address is used by the WAP/WAP controller to access the Secret Service database to verify that the particular device is authorized in that area. The MSO database may also be used in tandem to verify that the user has privilege for the enhanced wireless access policies provided by the WAP in the Press Box, separate from the user's right to be in the Press Box.

Referring now to FIG. 5, one exemplary embodiment of a method for operation is shown. At step 502 of the method 500, one or more of the end-user devices 202 is associated with one of the WAPs. This might occur, depending on application layer software configuration within the end-user device (e.g., tablet, smartphone, etc.), either automatically, such as where the user device signs into the WAP using its credentials (e.g., user ID, password, etc.) based on a given selection criterion such as strongest RSSI, first WAP encountered, according to a predetermined hierarchy or list, or yet other approaches. Alternatively, the association may be made manually, such as via the application layer software of the user device (e.g., a “settings” or similar menu, wherein a listing of available WAPs and their associated name, signal strength, network data, etc. are shown). As noted previously, in the exemplary instance of Wi-Fi, the WAPs will periodically issue beacons to advertise their presence to the end-user devices which may be in wireless range of the WAP's physical layer (e.g., 2.4/5.0 GHz radio waves). These beacons will enable the user device to obtain and display various information relating to the WAP (e.g., name such as “Time Warner Cable Wireless Access Point”, RSSI, network address, etc.) as previously noted.

After association of the end-user device and the WAP is established, at step 504 the WAP is then synchronized and in communication with the WAP controller, this being accomplished using well known techniques such as those specified in the Wi-Fi Standards.

Next, at step 506, the WAP controller and WAP policy server perform accounting and registration for the requesting end-user device (e.g., the user's smartphone, tablet, Wi-Fi enabled camera, media device, etc.), and communicate the registration to the AAA server. Accounting and registration information communicated to the AAA server may include for example an authentication of the service provider and/or user account. The AAA server may perform any of the previously described authentication, authorization, and/or accounting procedures in order to verify access to the network for the requesting end-user device at step 508.

In response to receipt of unacceptable accounting and registration information, at step 510, the AAA server denies access to the wired LAN for the end-user device. Alternatively, in response to receipt of acceptable accounting and registration information, at step 512, the AAA server grants access for the end-user device and an accounting response such as a message rendered according to a given communications protocol (e.g., a lightweight communications protocol implemented specifically for this purpose, or alternatively a generalized messaging protocol) from the AAA server is tagged with identifying information (e.g., media access control (MAC) address) for the end-user device and/or the associated WAP. At step 514, the WAP controller receives the accounting response from the AAA server.

In response to verification by the AAA server and receipt of the accounting response message, the WAP policy server and/or the WAP controller determines and assigns a “user status” to the requesting end-user device, and associates the assigned user status with the unique identifier of the end-user device (e.g., “MAC” address such as MAC-48, EUI-48, EUI-64, or other format) at step 516. It will be appreciated that the term “user status” as used in the present context is intended broadly, and may include any number of different implementations which communicate information to entities elsewhere in the network (e.g., the WAPs/WAP controllers at the network edge) indicative of or useful in provisioning and providing the desired services or functions to the requesting end-user device(s). For example, in one such implementation, one or more data elements or codes are used to indicate to the recipient network entity (e.g., WAP/controller), based on entry into a locally-maintained lookup table of policies, which policy or policies to apply to communications or service requests of the particular end-user device (based on MAC). As a simple illustration, a given code or data value may be indicative of a “VIP Press” user (i.e., the end-user device thereof), which should be granted “head-of-the-line” on bandwidth requests, additional bandwidth under an extant bandwidth allocation scheme, implementation of a asymmetric bandwidth policy (e.g., same downstream, but enhanced upstream), certain QoS rules, and so forth.

As described elsewhere herein, such status may also be associated with or indicative of a location of the requesting user device, such as in the “press box” at a given event, such that the user, by virtue of their location, is granted additional or enhanced functionality or privileges.

In another approach, the WAP/controller may utilize the received “user status” (e.g., code or data structure) to access one of the policy servers (FIG. 2) or a proxy thereof to obtain a current policy definition for the user device.

The access request of FIG. 5 may include a request for access based on a user status associated with a specific permissible bandwidth consumption for the end-user device. The WAP controller, in communication with the WAP policy server, may assign a user status associated with a permissible bandwidth consumption to an end-user device, such as by using the example method 600 shown in FIG. 6.

As shown in FIG. 6, the WAP controller/policy server receive the authenticated accounting response including identifying information (e.g., MAC address) for the end-user device and/or the associated WAP (step 602). At step 604, the WAP controller/policy server determine a location of the end-user device identifying information within the location/venue. Specifically, the WAP controller/policy server determine if the WAP associated with the end-user device is located in a higher priority region, rather than being in a lower priority region. Further, at step 606 the WAP controller/policy server detect an access pass associated with the end-user device identifying information. Specifically, the WAP controller/policy server determines if the end-user device includes a higher access pass (e.g., a pre-paid access), rather than a lower access pass (e.g., a free access pass). Furthermore, at step 608, the WAP controller/policy server detect a classification of the end-user device associated with the end-user device identifying information. Specifically, the WAP controller/policy server determine if the end-user device is of a higher bandwidth consumption device class, rather than a lower bandwidth consumption device class. Further still, at step 610, the WAP controller/policy server detect a classification of the end user application. Specifically, the WAP controller/policy server determine if the end user application is of a higher bandwidth consumption class, rather than a lower bandwidth consumption class.

If one or more of the decisions made at steps 604-610 is true (i.e., YES), then the WAP controller/policy server may assign a first user status granting and/or being associated with a higher permissible bandwidth consumption to the end-user device identifying information at step 612. Alternatively, if one or more of the decisions made at steps 604-610 is false (i.e., NO), then the WAP controller/policy server may assign a second user status granting and/or being associated with a lower permissible bandwidth consumption to the end-user device identifying information at step 614. It will be appreciated that steps 604-610 are substantially a formal set of statements that define allocation of the LAN's resources. It will be further appreciated that in alternate embodiments the set of formal statements can include more or fewer control statements and/or the control statements can be alternately employed as instructed by a network administrator. It will be still further appreciated that in alternate embodiments the formal statements can include additional user status assignments for varying degrees of permissible bandwidth consumption (e.g., a third user status associated with a medial permissible bandwidth consumption, etc.).

Returning again to FIG. 5, at step 518, the WAP policy server and/or the WAP controller sends an access request to the AAA server including the user status assigned to the requesting end-user device. At step 520, the AAA server then an access accept notification to the WAP policy server verifying the user and/or WAP profiles. Finally, at step 522, the WAP policy server and the WAP controller synchronize in order to grant network access to the requesting end-user device based on the assigned user status and associated permissible bandwidth consumption.

FIG. 7 is a schematic diagram illustrating an example “call” flow 700 (including exemplary methods 400, 500, and 600) in the context of the MSO CDN and associated WLAN architecture of FIGS. 1-2.

In another example methodology, the WAP controller 244 (i.e., controller apparatus) the set of formal statements of the WAP policy server in its memory 304. Thus, the memory 304 may include storing at least a first user status associated with a first permissible bandwidth consumption and a second user status associated with a second permissible bandwidth consumption. The processor 302 of the WAP controller 244 is configured to execute a computer program (including non-transitory computer readable instructions) that cause the WAP controller 244 to: receive a request for connection from an end-user device 202 and determine if the requesting end-user device is associated with the first user status (e.g., located in a higher priory region, associated with a higher access pass, of a higher bandwidth consumption device class, and/or uses a higher bandwidth consumption application, etc.) or the second user status (e.g., located in a lower priory region, associated with a lower access pass, of a lower bandwidth consumption device class, and/or uses a lower bandwidth consumption application, etc.).

If the WAP controller 244 determines that the end-user device 202 meets criteria for the first user status, the end-user device is assigned the first user status associated with the first permissible bandwidth consumption (i.e., a higher permissible bandwidth consumption) and is provided access to the network 204 based on the first permissible bandwidth consumption. Thus, the end-user device 202, in this instance, is a higher priority user and has greater access to the network 204 (e.g., access including low latency, high throughput, and/or isochronous data transmission, etc.) than other users.

Alternatively, if the WAP 244 determines that the end-user device 202 meets criteria for the second user status, the end-user device is assigned with second user status associated with the second permissible bandwidth consumption (i.e., a lower permissible bandwidth consumption) and is provided access to the network 204 based on the second permissible bandwidth consumption. Thus, the end-user device 202, in this instance, is a lower priority user and has less access to the network 204 (e.g., access including high latency, low throughput, and/or asynchronous data transmission, etc.) than other higher priority users. It will be appreciated that in examples including a third user status associated with a medial permissible bandwidth consumption, a similar method may be carried out to determine if an end-user device meets criteria for the third user status and provide network access to the end-user device based on the medial permissible bandwidth consumption.

For purposes of further illustration, specific use cases for the “selectable” data network access systems and methods are now described in reference to the venues 800 and 900 shown in FIGS. 8 and 9, respectively.

Example Location/Venue Uses Cases—

FIG. 8 shows a first example venue 800 (i.e., auditorium) where the selectable network access system architecture 200 may be implemented. The venue 800 includes a stage 802 (e.g., a performance stage, a conference stage, etc.), a priority seating area 804 (e.g., a seating area for VIP and/or members of the media) and a general seating area 806. Two of the wireless access points (WAPs) 246 a are located proximate to the priority seating area 804, while three of WAPs 246 c are located proximate to the general seating area 806. Therefore, the end-user devices 202 a are within the wireless local area network (LAN) range of WAPs 246 a and the end-user devices 202 c are within the wireless LAN range of WAPs 246 c.

In one example, when requesting network access, the user devices 202 a may be associated with a higher access pass and/or a location (i.e., a higher priority region) of the venue, such as may be determined by a unique identifier (e.g., MAC address) or other data of the particular WAP 246 a with which the user device associates. Thus, a first user status may be assigned to the user devices 202 a in order to provide network access according to the first policy (e.g., higher permissible bandwidth consumption). Further, the type and/or classification of the end-user device can be detected by the system 200, and the specific end-user device 202 a can be assigned a greater permissible bandwidth (i.e., greater than the higher permissible bandwidth associated with the first user status). For example, an 802.11g-compliant device may have less upstream bandwidth capability by virtue of e.g., its air interface configuration, such as selected modulation/coding scheme, use or absence of diversity antennae, etc., as compared to say another user's 802.11AC-compliant device. By correlating the MAC address of the particular user device, the network 200 can detect situations where additional allocations of e.g., upstream bandwidth will be useless to the end user based on the physical limitations of that user's device. Hence, in one variant, a given MSO subscriber or user registers their end-user devices on an individual basis, such registration including provision (or e.g., automated discovery of) the hardware/firmware/software configuration of the given device along with it MAC address. Accordingly, the AAA or other MSO network entity can, upon receiving a request initiated from the end-user device, not only associate the user status (e.g., available bandwidth to be allocated) with that MAC, but also apply one or more logical policies thereto, such as allocation of bandwidth by the WAP/WAP controller only to the “physical” limits of the specific user device. In this fashion, no WAP/network bandwidth is “stranded” within individual subscriber requests for service, wherein such requests can never feasibly use all of the bandwidth allocated to them.

Additionally or alternatively, the type and/or classification of the end-user device application can be detected by the system 200, and the specific end-user device 202 a can be assigned a given policy based thereon (e.g., greater permissible bandwidth). For example, two identical pieces of user equipment might run different application layer software or processes (e.g., FTP, HTTP, etc.), utilize different peripherals or media devices, etc. such that one type of application requires greater bandwidth resources than the other. Consider for example a streaming HD or 4K quality video encoding application used by a press member to generate and upload video content (for e.g., a news story) would be allocated more bandwidth or other resources than an audio-only press member performing an audio interview for a radio station, regardless of the fact that the hardware platforms that the different users were utilizing are identical. The present disclosure also contemplates signaling to the end user device (such as initiated at the WAP controller) to modify or adjust its upload behavior, such as e.g., “clamping” bit rate on its codecs to a constant bit rate, so as to obviate allocating bandwidth for (comparatively) limited instances where the codec demands a high “peak” bit rate, but otherwise remains well below that peak.

Further, when requesting network access, the user devices 202 c may be associated with a lower access pass and/or a location (i.e., a lower priority region) of the user devices, which may be determined by a unique identifier (e.g., MAC address) of the WAPs 246 c. Thus, a second user status may be assigned to the user devices 202 c in order to provide network access according to a second permissible bandwidth consumption or other feature. Further, as noted above, the type and/or classification of the end-user device can be detected by the system 200, and the specific end-user device 202 c can be assigned a greater permissible bandwidth (i.e., greater than the lower permissible bandwidth associated with the second user status). Additionally or alternatively, the type and/or classification of the end-user device application can be detected by the system 200 and the specific end-user device 202 c can be allocated resources based thereon.

Hence, as noted in the examples above, there can be several sub-classifications within any given tier of service if desired, and moreover, several different combinations of bases on which the user access privileges are determined (e.g., user device MAC (and user authentication) only, user device MAC (and authentication) and location within the venue, location (and user authentication) only, and so forth).

FIG. 9 shows a second exemplary venue 900 (i.e., a sports arena) where the system architecture 200 of FIG. 2 may be employed. The venue 900 includes a sport play area 902 (e.g., a football field, a basketball court, etc.), a media member seating area 904, a VIP seating area 906, and a general seating area 908. Two of the WAPs 246 a are located proximate to the media member seating area 904, while several of the WAPs 246 b are located proximate to the VIP seating area 906 and several of the WAPs 246 c are located proximate to general seating area 908. Therefore, the end-user devices 202 a are within the wireless LAN range of WAPs 246 a, the end-user devices 246 b are within the wireless LAN range of WAPs 246 b, and the end-user devices 202 c are within the wireless LAN range of WAPs 246 c.

In one example, when requesting network access, the user devices 202 a may be associated with a higher access pass and/or a location (i.e., a higher priority region) which may be determined by a unique identifier (e.g., MAC address) of the WAPs 246 a. Thus, a first user status may be assigned to the user devices 202 a in order to provide network access according to the first permissible bandwidth consumption (such as a higher permissible bandwidth consumption). Further, as noted above, the type and/or classification of the end-user device can be detected by the system 200 and the specific end-user device 202 a can be assigned a greater permissible bandwidth (such as a value greater than the higher permissible bandwidth associated with the first user status). Additionally or alternatively, the type and/or classification of the end-user device application can be detected by the system 200 and the specific end-user device 202 a can be assigned a greater permissible bandwidth.

Further, when requesting network access, the user devices 202 c may be associated with a lower access pass and/or a location (i.e., a lower priority region) of the user devices may be determined by a unique identifier (e.g., MAC address) of the WAPs 246 c. Thus, a second user status may be assigned to the user devices 202 c in order to provide network access according to the second permissible bandwidth consumption (i.e., a lower permissible bandwidth consumption). Further, the type and/or classification of the end-user device can be detected by the system 200 and the specific end-user device 202 c can be assigned a greater permissible bandwidth (i.e., greater than the lower permissible bandwidth associated with the second user status). Additionally or alternatively, the type and/or classification of the end-user device application can be detected by the system 200 and the specific end-user device 202 c can be assigned a greater permissible bandwidth (i.e., greater than the lower permissible bandwidth associated with the second user status).

Furthermore, when requesting network access, the user devices 202 b may be associated with a medial access pass and/or a location (i.e., a medial priority region) of the user devices may be determined by a unique identifier (e.g., MAC address) of the WAPs 246 b. Thus, a third user status may be assigned to the user devices 202 b in order to provide network access according to a third permissible bandwidth consumption (i.e., a medial permissible bandwidth consumption). Further, as previously noted, the type and/or classification of the end-user device can be detected by the system 200 and the specific end-user device 202 b can be assigned a greater permissible bandwidth (i.e., greater than the medial permissible bandwidth associated with the third user status). Additionally or alternatively, the type and/or classification of the end-user device application can be detected by the system 200 and the specific end-user device 202 b can be assigned a greater permissible bandwidth (i.e., greater than the medial permissible bandwidth associated with the third user status).

It is recognized that in certain use cases, “conflicts” may arise, such as where a given user device is within wireless range of two or more WAPs simultaneously, while none-the-less being located in the prescribed area of interest (e.g., VIP seating or Press Box of FIG. 8). This situation can result from the overlap of wireless signals from two or more WAPs at the location. Hence, a user's device may simultaneously indicate two or three separate WAPS (e.g., “Time Warner Access Point—Press”, and “Time Warner Access Point—Audience”, or the like). These two or more WAPs may also be heterogeneous in service capability, such as where only the “Time Warner Access Point—Press” is enabled for enhanced uplink bandwidth. Indicated signal strengths (e.g., RSSI or the like) may also be roughly equal in certain cases, thereby not making one advertised WAP more attractive to the user than the other. Hence, the (untrained) Press Box user might inadvertently select the non-enabled WAP, and accordingly artificially limit themselves to non-enhanced service.

Accordingly, in one embodiment of the present disclosure, the “enhanced” WAP in the foregoing example is configured to advertise itself to prospective clients as “Enhanced”, “High Bandwidth”, “VIP” or the like, thereby tending to cause the user to select it over other possibilities.

In another embodiment, the user's device may be equipped with an “app” (e.g., for the appropriate operating system of the mobile or user device, such as Android or Microsoft O/S) authored or provided by the MSO for download onto the user's device such that it can intelligently screen WAPs within the venue. For instance, in one variant, the app can be configured to allow the user device to locate itself (e.g., via GPS receiver of the mobile device) and determine which of a plurality of WAPs within range of the mobile device at that location is appropriate for the user at that location (e.g., a “VIP” or press user located in a press box would only want to utilize the enhanced WAP, so as to e.g., enable high-bandwidth uploads). In another variant, the app is configured to display a graphical or other representation of the venue (such as may be provided automatically to the app from the WAP controller via a WAP, or by other means such as a link to a third-party mapping service such as a Google™ indoor maps API) such that the user can merely select their actual location by, e.g., touching their capacitive touch screen in an appropriate location, to “anchor” their mobile device and allow for determination of the best WAP option for the user, given their privileges for enhanced access (or lack thereof).

In yet another variant, the WAPs can be used to provide positioning location data such as via “time of flight” (TOF) or similar calculations based on reception of wireless signals from the user's device at two or more of the WAPs. In this fashion, the user's location can be used by the WAP controller to “map” the user into a known region for which enhanced service is to be provided (e.g., VIP or press box), and force the association with the enhanced-capability WAP, such as by disabling association by the particular user device (based on e.g., MAC address) with any other WAPs in the WLAN for at least a period of time. In this fashion, no app or other user device-side functions or processes need be employed; the WLAN automatically forces the user to the correct (i.e., highest bandwidth) WAP that is in range.

It will be recognized that while certain aspects of the disclosure are described in terms of a specific sequence of steps of a method, these descriptions are only illustrative of the broader methods of the disclosure, and may be modified as required by the particular application. Certain steps may be rendered unnecessary or optional under certain circumstances. Additionally, certain steps or functionality may be added to the disclosed embodiments, or the order of performance of two or more steps permuted. All such variations are considered to be encompassed within the disclosure disclosed and claimed herein.

Moreover, it is appreciated that each of the foregoing set of steps or methods are such that they may be readily reduced to one or more computer programs by those of ordinary skill given the present disclosure.

Additionally, while the above detailed description has shown, described, and pointed out novel features of the disclosure as applied to various embodiments, it will be understood that various omissions, substitutions, and changes in the form and details of the device or process illustrated may be made by those skilled in the art without departing from the disclosure. This description is in no way meant to be limiting, but rather should be taken as illustrative of the general principles of the disclosure. The scope of the disclosure should be determined with reference to the claims.

It will be further appreciated that while certain steps and aspects of the various methods and apparatus described herein may be performed by a human being, the disclosed aspects and individual methods and apparatus are generally computerized/computer-implemented. Computerized apparatus and methods are necessary to fully implement these aspects for any number of reasons including, without limitation, commercial viability, practicality, and even feasibility (i.e., certain steps/processes simply cannot be performed by a human being in any viable fashion). 

What is claimed is:
 1. A controller apparatus comprising: a processor apparatus configured to execute at least one computer program; a storage apparatus configured to store data, the data comprising user status data that is at least one of (i) a first user status associated with a first permissible bandwidth consumption, and/or (ii) a second user status associated with a second permissible bandwidth consumption, said second permissible consumption being less than said first permissible consumption; a first data interface in data communication with the processor apparatus and configured for signal communication with a local area wireless network; a second interface data communication with the processor apparatus and configured for signal communication with a network entity of a managed content delivery network (CDN); and a computer-readable storage apparatus having at least one computer program comprising a plurality of non-transitory computer readable instructions which are configured to, when executed by said processor apparatus, cause said controller apparatus to: receive data indicative of a first connection request from a first user device via said first interface; determine that said first user device is associated with said first user status; based at least in part on said first user device association with said first user status, assign said first permissible bandwidth to said first user device; enable access to said CDN via said second interface for said first user device consistent with said first permissible bandwidth consumption; receive data indicative of a second connection request from a second user device via said first interface; determine that said second user device is associated with said second user status; based at least in part on said second user device association with said second user status, assign said second permissible bandwidth consumption to said second user device; and enable access to said CDN via said second interface for said second user device consistent with said second permissible bandwidth consumption.
 2. The controller apparatus of claim 1, wherein said first user status and said second user status are each associated, respectively, based on a respective location within a venue of each of said first user device and said second user device, said respective location being one of a higher priority area and a lower priority area within said venue.
 3. The controller apparatus of claim 2, wherein: said first and second user requests respectively comprise first and second media access control (MAC) values associated with the first and second user devices, and the first and second user statuses are each respectively associated based at least on the first and second MAC values; and said plurality of non-transitory computer readable instructions are further configured to, when executed by said processor apparatus, cause said controller apparatus to determine the respective location within said venue of each of the first and second user devices based at least on MAC data relating to a respective wireless access point (WAP) associated with each of the first and second user devices.
 4. The controller apparatus of claim 2, wherein said first user device is in signal communication with a first wireless access point located in said higher priority area, and said second user device is in signal communication with a second wireless access point located in said lower priority area; and said first user status is associated with said first wireless access point and said second user status is associated with said second wireless access point.
 5. The controller apparatus of claim 4, wherein said first wireless access point has a first media access control (MAC) address detectable by said controller apparatus and said second wireless access point has a second MAC address detectable by said controller apparatus; and said first user status is associated with said first MAC address and said second user status is associated with said second MAC address.
 6. The controller apparatus of claim 1, wherein said first user status and said second user status are each associated, respectively, based on a class of end-user application of each of said first user device and said second user device, said class of end user application being one of a higher bandwidth consumption application class and a lower bandwidth consumption application class.
 7. The controller apparatus of claim 6, wherein said first user device comprises a first application of said high bandwidth consumption application class, said first application comprising a multi-media application having at least audio and video content, and said second user device comprises a second application of said lower bandwidth consumption application class, said second application comprising an audio-only application.
 8. The controller apparatus of claim 1, wherein at least one of said first user status and said second user status are each assigned, respectively, based on a temporally-limited access pass associated with a respective user of each of said first user device and said second user device, the temporally-limited access pass providing the associated first or second user status for only a limited period of time and within a given venue.
 9. The controller apparatus of claim 8, wherein the temporally-limited access pass comprises a permissible bandwidth consumption having an elevated bandwidth consumption in an uplink direction only.
 10. The controller apparatus of claim 1, wherein: said first permissible bandwidth consumption comprises one or more of low latency and high throughput; and said second permissible bandwidth consumption comprises one or more of higher latency and lower throughput than said first permissible bandwidth.
 11. The controller apparatus of claim 1, wherein said first permissible bandwidth consumption comprises an isochronous data transmission, and said second permissible bandwidth consumption comprises asynchronous data transmission.
 12. A method of providing wireless local area network (WLAN)-based services to a plurality of user devices within a prescribed location, the WLAN comprising a plurality of wireless access points (WAPs), the method comprising: receiving, at the WLAN, a first request from a first user device of the plurality of user devices, the first request comprising data explicitly identifying the first user device and requesting access to a content distribution and delivery network via the WLAN; determining a first WAP of the plurality of WAPs with which the first user device is associated; identifying data indicative of a first location of the first WAP; transmitting, to a network entity, (i) the data explicitly identifying the first user device and (ii) the data indicative of the first location of the first WAP; obtaining, from the network entity, data indicative of a first privilege of the first user device within the WLAN based at least in part on the data indicative of the first location of the first WAP; utilizing the data indicative of the first privilege to selectively implement at least one first WLAN access policy with respect to the first user device only while the first user device is associated with the first WAP at the first location; and applying at least one second WLAN access policy to one or more others of the plurality of user devices.
 13. The method of claim 12, wherein the receiving the first request comprises receiving the first request at the first WAP, and the method further comprises forwarding at least a portion of the first message to the network entity via a managed content delivery network (CDN) infrastructure.
 14. The method of claim 12, wherein the network entity comprises an entity in data communication with a database of user-specific data configured for both (i) associating the first user device with a first user, and (ii) identifying the first privilege.
 15. The method of claim 14, wherein the data explicitly identifying the first user device comprises a media access control (MAC) address, and the obtaining data indicative of a first privilege from the network entity at least in part comprises accessing the database.
 16. The method of claim 15, wherein the utilizing the data indicative of the first privilege to selectively implement the at least one first WLAN access policy with respect to the first user device comprises: providing the data indicative of the first privilege to a computerized controller entity in data communication with the first WAP; and utilizing the provided data within at least one of the first WAP and the computerized controller entity to correlate data indicative of the first privilege with the at least one first WLAN access policy.
 17. The method of claim 12, wherein the data explicitly identifying the user first device comprises a media access control (MAC) address, and the utilizing the data indicative of the first privilege to selectively implement the at least one first WLAN access policy comprises: subsequently identifying a plurality of data associated with the first user device based at least on the MAC address; and handling said identified plurality of data according to the at least one first WLAN access policy.
 18. The method of claim 17, wherein the handling said identified plurality of data according to the at least one first WLAN access policy comprises providing the plurality of data head-of-the-line privilege to an available data communications bandwidth of the WLAN.
 19. The method of claim 17, wherein the handling said identified plurality of data according to the at least one first WLAN access policy comprises reserving a prescribed portion of an available data communications bandwidth of the WLAN for use by the first user device.
 20. The method of claim 12, wherein the applying of the second WLAN access policy to the one or more others of the plurality of user devices comprises at least: receiving, at the WLAN, a second request from a second user device of the one or more others of the plurality of user devices, the second request comprising data explicitly identifying the second user device and requesting access to the content distribution and delivery network via the WLAN; determining a second WAP of the plurality of WAPs with which the second user device is associated; identifying data indicative of a second location of the second WAP; transmitting, to the network entity, (i) the data explicitly identifying the second user device and (ii) the data indicative of the second location of the second WAP; obtaining, from the network entity, data indicative of a second privilege of the second user device within the WLAN based at least in part on the data indicative of the second location of the second WAP; and utilizing the data indicative of the second privilege to selectively implement the at least one second WLAN access policy with respect to the second user device only while the second user device is associated with the second WAP at the second location; wherein the second WLAN access policy comprises a first permissible bandwidth lower than a second permissible bandwidth associated with the first WLAN access policy.
 21. A method of providing enhanced wireless local area network (WLAN)-based services to a plurality of user devices within a prescribed location, the WLAN comprising a plurality of wireless access points, the method comprising: receiving, at the WLAN, data indicative of a first request from a first user device of the plurality of user devices, the first request comprising data explicitly identifying the first user device and requesting access to a content distribution and delivery network via the WLAN; accessing a network entity and utilizing the data identifying the first user device to determine a privilege of the first user device within the WLAN; obtaining data indicative of the privilege from the network entity; obtaining data relating to one of the plurality of wireless access points with which the first user device is associated, wherein only a first portion of the plurality of wireless access points are enabled for provision of the enhanced WLAN-based services, the enhanced WLAN-based services comprising at least a first permissible bandwidth that is greater than a second permissible bandwidth of WLAN-based services provided by a second portion of the plurality of wireless access points; determining that the one of the plurality of wireless access points with which the first user device is associated is enabled for provision of the enhanced WLAN-based services; and utilizing (i) the data indicative of the privilege and (ii) the determination that the one wireless access point is enabled for provision of the enhanced WLAN-based services to selectively implement at least one WLAN access policy with respect to the first user device so as to provide the enhanced WLAN-based services.
 22. A controller apparatus comprising: a processor apparatus configured to execute at least one computer program; a storage device in data communication with the processor apparatus; a first data interface in data communication with the processor apparatus and configured for signal communication with a plurality of wireless local area network (WLAN) access points; a second data interface in data communication with the processor apparatus and configured for signal communication with a network entity of a managed content delivery network (CDN); and a computer-readable storage apparatus in data communication with said processor apparatus and having at least one computer program stored thereon, the at least one computer program comprising a plurality of non-transitory computer readable instructions which are configured to, when executed by said processor apparatus, cause said controller apparatus to: receive data indicative of a first service request from a first user device via said first interface, the first service request comprising a device-specific identifier of the first user device; utilize at least a portion of data indicative of the first service request to authenticate, within the CDN, the first user device as having a privilege associated with a first one of the plurality of WLAN access points disposed at a first location, the privilege comprising data indicative of a greater permissible bandwidth than a permissible bandwidth privilege associated with one or more others of the plurality of WLAN access points each disposed at one or more other locations; receive data indicative of the privilege from the CDN and store the data in the storage device; and subsequently utilize the stored data indicative of the privilege to cause the first one of the plurality of WLAN access points to recognize data indicative of one or more subsequent service requests from the first user device, and implement one or more policies for data access according to the privilege.
 23. The controller apparatus of claim 22, wherein the device-specific identifier comprises a MAC address.
 24. The controller apparatus of claim 22, wherein the device-specific identifier comprises a MAC address, use of said MAC address configured to obviate each of the WLAN and the CDN from having to evaluate data contained within a payload of the one or more subsequent service requests for authentication of policy for the first user device. 